diff --git a/site-modules/profile/templates/sentry/config.yml.erb b/site-modules/profile/templates/sentry/config.yml.erb index fc180469..847ccfb8 100644 --- a/site-modules/profile/templates/sentry/config.yml.erb +++ b/site-modules/profile/templates/sentry/config.yml.erb @@ -1,89 +1,107 @@ # File managed by puppet (module profile::sentry), modifications will be lost! # While a lot of configuration in Sentry can be changed via the UI, for all # new-style config (as of 8.0) you can also declare values here in this file # to enforce defaults or to ensure they cannot be changed via the UI. For more # information see the Sentry documentation. ############### # Mail Server # ############### # mail.backend: 'smtp' # Use dummy if you want to disable email entirely mail.host: '<%= @mail_host %>' mail.port: 25 mail.username: '' mail.password: '' mail.use-tls: false # The email address to send on behalf of mail.from: '<%= @mail_from %>' # If you'd like to configure email replies, enable this. # mail.enable-replies: true # When email-replies are enabled, this value is used in the Reply-To header # mail.reply-hostname: '' # If you're using mailgun for inbound mail, set your API key and configure a # route to forward to /api/hooks/mailgun/inbound/ # Also don't forget to set `mail.enable-replies: true` above. # mail.mailgun-api-key: '' ################### # System Settings # ################### # If this file ever becomes compromised, it's important to regenerate your a new key # Changing this value will result in all current sessions being invalidated. # A new key can be generated with `$ sentry config generate-secret-key` system.secret-key: '<%= @secret_key %>' # Sentry URL prefix system.url-prefix: 'https://<%= @vhost_name %>' # Sentry admin email address system.admin-email: '<%= @admin_email %>' # The ``redis.clusters`` setting is used, unsurprisingly, to configure Redis # clusters. These clusters can be then referred to by name when configuring # backends such as the cache, digests, or TSDB backend. # redis.clusters: # default: # hosts: # 0: # host: 127.0.0.1 # port: 6379 ################ # File storage # ################ # Uploaded media uses these `filestore` settings. The available # backends are either `filesystem` or `s3`. filestore.backend: 'filesystem' filestore.options: location: '/data/files' dsym.cache-path: '/data/dsym-cache' releasefile.cache-path: '/data/releasefile-cache' # filestore.backend: 's3' # filestore.options: # access_key: 'AKIXXXXXX' # secret_key: 'XXXXXXX' # bucket_name: 's3-bucket-name' system.internal-url-prefix: 'http://web:9000' symbolicator.enabled: true symbolicator.options: url: "http://symbolicator:3021" transaction-events.force-disable-internal-project: true +###################### +# GitHub Integration # +###################### + +# github-app.id: GITHUB_APP_ID +# github-app.name: 'GITHUB_APP_NAME' +# github-app.webhook-secret: 'GITHUB_WEBHOOK_SECRET' # Use only if configured in GitHub +# github-app.client-id: 'GITHUB_CLIENT_ID' +# github-app.client-secret: 'GITHUB_CLIENT_SECRET' +# github-app.private-key: | +# -----BEGIN RSA PRIVATE KEY----- +# privatekeyprivatekeyprivatekeyprivatekey +# privatekeyprivatekeyprivatekeyprivatekey +# privatekeyprivatekeyprivatekeyprivatekey +# privatekeyprivatekeyprivatekeyprivatekey +# privatekeyprivatekeyprivatekeyprivatekey +# -----END RSA PRIVATE KEY----- + # Report full data via the sentry beacon # Docs: https://docs.sentry.io/server/beacon/ beacon.anonymous: false # Allow user registration auth.allow-registration: false diff --git a/site-modules/profile/templates/sentry/sentry.conf.py.erb b/site-modules/profile/templates/sentry/sentry.conf.py.erb index f24c9904..fc4a2c8a 100644 --- a/site-modules/profile/templates/sentry/sentry.conf.py.erb +++ b/site-modules/profile/templates/sentry/sentry.conf.py.erb @@ -1,225 +1,224 @@ # File managed by puppet (module profile::sentry), modifications will be lost! # This file is just Python, with a touch of Django which means # you can inherit and tweak settings to your hearts content. from sentry.conf.server import * # NOQA DATABASES = { "default": { "ENGINE": "sentry.db.postgres", "NAME": "<%= @postgres_dbname %>", "USER": "<%= @postgres_user %>", "PASSWORD": "<%= @postgres_password %>", "HOST": "<%= @postgres_host %>", "PORT": "<%= @postgres_port %>", } } # You should not change this setting after your database has been created # unless you have altered all schemas first SENTRY_USE_BIG_INTS = True # If you're expecting any kind of real traffic on Sentry, we highly recommend # configuring the CACHES and Redis settings ########### # General # ########### # Instruct Sentry that this install intends to be run by a single organization # and thus various UI optimizations should be enabled. SENTRY_SINGLE_ORGANIZATION = True +SENTRY_OPTIONS["system.event-retention-days"] = int(env('SENTRY_EVENT_RETENTION_DAYS', '90')) + ######### # Redis # ######### # Generic Redis configuration used as defaults for various things including: # Buffers, Quotas, TSDB SENTRY_OPTIONS["redis.clusters"] = { "default": { "hosts": {0: {"host": "redis", "password": "", "port": "6379", "db": "0"}} } } ######### # Queue # ######### # See https://docs.getsentry.com/on-premise/server/queue/ for more # information on configuring your queue broker and workers. Sentry relies # on a Python framework called Celery to manage queues. rabbitmq_host = None if rabbitmq_host: BROKER_URL = "amqp://{username}:{password}@{host}/{vhost}".format( username="guest", password="guest", host=rabbitmq_host, vhost="/" ) else: BROKER_URL = "redis://:{password}@{host}:{port}/{db}".format( **SENTRY_OPTIONS["redis.clusters"]["default"]["hosts"][0] ) ######### # Cache # ######### # Sentry currently utilizes two separate mechanisms. While CACHES is not a # requirement, it will optimize several high throughput patterns. CACHES = { "default": { "BACKEND": "django.core.cache.backends.memcached.MemcachedCache", "LOCATION": ["memcached:11211"], "TIMEOUT": 3600, } } # A primary cache is required for things such as processing events SENTRY_CACHE = "sentry.cache.redis.RedisCache" DEFAULT_KAFKA_OPTIONS = { "bootstrap.servers": "<%= @kafka_bootstrap_servers %>", "message.max.bytes": 50000000, "socket.timeout.ms": 1000, } SENTRY_EVENTSTREAM = "sentry.eventstream.kafka.KafkaEventStream" SENTRY_EVENTSTREAM_OPTIONS = {"producer_configuration": DEFAULT_KAFKA_OPTIONS} KAFKA_CLUSTERS["default"] = DEFAULT_KAFKA_OPTIONS ############### # Rate Limits # ############### # Rate limits apply to notification handlers and are enforced per-project # automatically. SENTRY_RATELIMITER = "sentry.ratelimits.redis.RedisRateLimiter" ################## # Update Buffers # ################## # Buffers (combined with queueing) act as an intermediate layer between the # database and the storage API. They will greatly improve efficiency on large # numbers of the same events being sent to the API in a short amount of time. # (read: if you send any kind of real data to Sentry, you should enable buffers) SENTRY_BUFFER = "sentry.buffer.redis.RedisBuffer" ########## # Quotas # ########## # Quotas allow you to rate limit individual projects or the Sentry install as # a whole. SENTRY_QUOTAS = "sentry.quotas.redis.RedisQuota" ######## # TSDB # ######## # The TSDB is used for building charts as well as making things like per-rate # alerts possible. SENTRY_TSDB = "sentry.tsdb.redissnuba.RedisSnubaTSDB" ######### # SNUBA # ######### -SENTRY_SEARCH = "sentry.search.snuba.SnubaSearchBackend" +SENTRY_SEARCH = "sentry.search.snuba.EventsDatasetSnubaSearchBackend" SENTRY_SEARCH_OPTIONS = {} SENTRY_TAGSTORE_OPTIONS = {} ########### # Digests # ########### # The digest backend powers notification summaries. SENTRY_DIGESTS = "sentry.digests.backends.redis.RedisBackend" ############## # Web Server # ############## SENTRY_WEB_HOST = "0.0.0.0" SENTRY_WEB_PORT = 9000 SENTRY_WEB_OPTIONS = { "http": "%s:%s" % (SENTRY_WEB_HOST, SENTRY_WEB_PORT), "protocol": "uwsgi", # This is needed to prevent https://git.io/fj7Lw "uwsgi-socket": None, "http-keepalive": True, + "http-chunked-input": True, "memory-report": False, # 'workers': 3, # the number of web workers } ########### # SSL/TLS # ########### # If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto # header and enable the settings below SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True SOCIAL_AUTH_REDIRECT_IS_HTTPS = True # End of SSL/TLS settings ############ # Features # ############ SENTRY_FEATURES["projects:sample-events"] = False SENTRY_FEATURES.update( { feature: True for feature in ( "organizations:discover", "organizations:events", + "organizations:discover-basic", + "organizations:discover-query", + "organizations:events-v2", "organizations:global-views", "organizations:integrations-issue-basic", "organizations:integrations-issue-sync", "organizations:invite-members", - "organizations:new-issue-ui", - "organizations:repos", - "organizations:require-2fa", - "organizations:sentry10", "organizations:sso-basic", "organizations:sso-rippling", "organizations:sso-saml2", - "organizations:suggested-commits", "projects:custom-inbound-filters", "projects:data-forwarding", "projects:discard-groups", "projects:plugins", "projects:rate-limits", "projects:servicehooks", ) } ) ###################### # GitHub Integration # -##################### +###################### -# GITHUB_APP_ID = 'YOUR_GITHUB_APP_ID' -# GITHUB_API_SECRET = 'YOUR_GITHUB_API_SECRET' -# GITHUB_EXTENDED_PERMISSIONS = ['repo'] +GITHUB_EXTENDED_PERMISSIONS = ['repo'] ######################### # Bitbucket Integration # ######################## # BITBUCKET_CONSUMER_KEY = 'YOUR_BITBUCKET_CONSUMER_KEY' # BITBUCKET_CONSUMER_SECRET = 'YOUR_BITBUCKET_CONSUMER_SECRET'